The National Information Technology Development Agency (NITDA) has issued a critical alert about a newly discovered vulnerability in embedded SIM (eSIM) technology, warning that the flaw could expose more than 2 billion smartphones, tablets, wearables, and Internet of Things (IoT) devices to large-scale cyber threats.
The flaw is linked to the GSMA TS.48 Generic Test Profile (versions 6.0 and earlier), commonly used in radio compliance testing of embedded Universal Integrated Circuit Cards (eUICC). Devices using these older test profiles are at risk.
NITDA warned that attackers could exploit the vulnerability to gain physical or remote access to affected devices. This could allow them to install malicious applets, extract sensitive cryptographic keys, and clone eSIM profiles.
Such exploitation could lead to unauthorized communication interception, persistent device control, and covert backdoor installations at the SIM card level.
To reduce the risk, NITDA urged device manufacturers and service providers to immediately deploy Kigen OS patches via over-the-air (OTA) updates. It also urged stakeholders to adopt the updated GSMA TS.48 version 7.0 and remove outdated test profiles that increase vulnerability.
The agency stressed that prompt action is essential to closing security gaps and protecting users from what may be one of the most widespread cyber threats in recent years.
An eSIM (embedded SIM) is a digital SIM card built directly into a device. It provides the same functionality as a traditional physical SIM, but with greater flexibility. Users can activate or switch carriers without physically changing the SIM card.
eSIMs are seen as the future of mobile connectivity, offering convenience and support for increasingly compact or wearable devices.
eSIM technology was first introduced in Nigeria in 2020 when the Nigerian Communications Commission (NCC) approved MTN and 9mobile to run a one-year trial involving 5,000 users. Following a successful trial, both operators officially launched the service.
In January 2023, Airtel joined them in offering eSIM support, enabling users with compatible devices to switch from physical SIMs to embedded ones. However, the exact number of eSIM users in Nigeria remains unknown.